Beginning in 2017, all new Level 4 merchants were required to use only Payment Card Industry (PCI)-certified QIR solutions providers for POS application and terminal installation and integration.
In March, the PCI Security Standards Council (PCI SSC) announced new changes to the PCI Qualified Integrators and Resellers (QIR) Program in response to industry feedback and data breach report findings. The program changes are designed to increase the number of QIRs and equip them to help merchants reduce risk by mitigating the leading causes of payment data breaches.
The PCI SSC QIR program offers specialized data security training and certification to individuals that install, configure and/or support payment systems. PCI SSC maintains a listing of PCI QIRs on its website for merchants to use in identifying and selecting trusted partners. Since the program was established in 2012, breach reports highlight that smaller merchants are increasingly under attack, and that the majority of merchant payment data breaches could be prevented by addressing three critical issues: insecure remote access, weak password practices and outdated and unpatched software.
Data breach - those two words can (and should) scare the heck out of business owners. It is everywhere in the news. I think on some level, people are just throwing their hands up in the air at this point. However, we don't want our customers to go through this experience - no one wants the CIA showing up at their back door or having their funds frozen because of a suspected breach.
To help you understand the impacts, we wanted to share this article by Justin Zeigler, the director of product development and marketing at Datacap Systems. (Datacap Systems develops integrated payment interfaces for any type Point of Sale Application - so they are very in tune with security for point of sale systems.) In this article, he discusses:
- What Is a Data Breach and How Do They Most Commonly Occur?
- What Can You Expect When a Breach Occurs? What Are the Steps?
- Who Is Liable?
- Best Practices to Prevent Breaches and Mitigate Liability
- Using a QIR (Qualified Integrators and Resellers) Certified Reseller
As a business owner, it is vital to understand the effects of a breach on your business, your customers and your employees.
Read this eye opening article below:
With all the talk about EMV, PCI and Security requirements have taken a back seat when talking about accepting credit cards at a business.
Did you know that any merchant installing a PA-DSS (payment application should be using a company that is a PCI-certified QIR professional? The Payment Application Data Security Standard (PA-DSS) is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC).
An acquirer will not be allowed to board a merchant as of March 31st 2016 if they are not installed by a QIR. (An acquiring bank, or acquirer, is a bank or financial institution that processes credit or debit card payments on behalf of a merchant.)
Visa advised acquirers that as of January 2017, all new Level 4 merchants must use only Payment Card Industry (PCI)-certified QIR solutions providers for POS application and terminal installation and integration.
Today we are happy to announce that we are a QIR Certified POS Provider. A BIG shout out to Jesse Dison for the successful completion of the Qualified Integrators and Resellers course.
The Qualified Integrators & Resellers course provides an opportunity for eligible professionals of qualifying organizations to receive training and qualification on the secure installation of Payment Application Data Security Standard (PA-DSS)-validated payment applications into merchant environments in a manner that facilitates PCI Data Security Standard compliance.
To learn more about the Small Merchant Security Program Requirements download the security bulletin here.
To learn more about how you can reduce your risk and PCI requirements, read the rest of the article here.